Claim Listing 



1-12. (Cancelled) 

1 3 . (Previously presented) A method comprising : 

receiving from a subscriber station on an access network an authentication request, the 
authentication request identifying the subscriber station and identifying a designated service 
provider from among a plurality of service providers; 

sending the authentication request to the designated service provider; 

receiving from the designated service provider an authentication response indicating 
successful authentication of the subscriber station by the designated service provider, wherein 
the authentication response includes a service qualification that indicates at least one of (i) one or 
more types of services authorized for the subscriber station and (ii) one or more extents of 
service authorized for the subscriber station, wherein the service qualification specifies one or 
more types of communication and, for each specified type of communication, specifies whether 
the subscriber station is allowed to engage in the specified type of communication; 

responsive to the authentication response, assigning the subscriber station to operate in a 
designated layer of the access network set aside for subscribers that have been authenticated by 
the designated service provider and to operate according to the service qualification, wherein the 
access network is an IP network and the designated layer is an IP subnet, and wherein assigning 
the subscriber station to operate in the designated layer comprises assigning to the subscriber 
station an IP address in the IP subnet; and 

serving the subscriber station in the designated layer of the access network and pursuant 
to the service qualification indicated in the authentication response, 



wherein serving the subscriber station in the designated layer comprises handling 
communications with the subscriber station according to a logic set established for the 
designated layer, 

wherein handling communications with the subscriber station according to the logic set 
established for the designated layer comprises (i) detecting a packet bearing the IP address 
assigned to the subscriber station, and (ii) responsively applying the logic set to restrict 
transmission of the packet, 

wherein handling communications with the subscriber station according to the logic set 
established for the designated layer comprises disallowing at least a predetermined type of 
communication from passing from the subscriber station to outside of the access network, and 

wherein serving the subscriber station pursuant to the service qualification indicated in 
the authentication response comprises, for each type of communication specified in the service 
qualification, allowing or disallowing the type of communication by the subscriber station as 
specified by the service qualification. 

14-16. (Cancelled) 

17. (Previously presented) The method of claim 13, wherein serving the 

subscriber station in the designated layer of the access network comprises: 

a gateway on the access network detecting a web page being sent to the subscriber 
station; and 

the gateway modifying the web page to include an advertisement for the designated 
service provider. 



18. (Previously presented) The method of claim 13, further comprising 
prompting the subscriber station to provide the authentication request. 

19. (Previously presented) The method of claim 18, wherein prompting the 
subscriber station for the authentication request comprises: 

presenting to a user of the subscriber station a set of the plurality of service providers; 

and 

prompting the user to select a service provider from among the plurality presented, 
wherein the user selects the designated service provider from among the plurality. 

20. (Original) The method of claim 13, wherein the access network comprises a 
wireless access network. 

21. (Previously Presented) A method carried out by an access network, the 
method comprising: 

prompting a first client station to select a service provider from among a plurality of 
service providers, and receiving a signal from the first client station, indicating a first selected 
service provider; 

sending a first authentication request message for the first client station to the first 
selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

receiving a first authentication response message from the first selected service provider, 
the first authentication response message indicating that first client station is authenticated by the 
first selected service provider, wherein the first authentication response includes a first service 



qualification that indicates at least one of (i) one or more types of services authorized for the first 
client station and (ii) one or more extents of service authorized for the first client station, 
wherein the first service qualification specifies one or more types of communication and, for 
each specified type of communication, specifies whether the first client station is allowed to 
engage in the specified type of communication; and 

in response to the first authentication response message, restricting the first client station 
to communications in a first logical layer of the access network associated with the first selected 
service provider and according to the first service qualification, 

wherein restricting the first client station to communications in the first logical layer of 
the access network associated with the first selected service provider comprises handling 
communications with the first client station according to a logic set established for the first 
logical layer, 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network, and 

wherein restricting the first client station to communications according to the first service 
qualification comprises, for each type of communication specified in the first service 
qualification, allowing or disallowing the type of communication by the first client station as 
specified by the first service qualification. 



22. (Previously presented) The method of claim 21, further comprising: 

prompting a second client station to select a service provider from among a plurality of 

service providers, and receiving a signal from the second client station, indicating a second 

selected service provider; 
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sending a second authentication request message for the second client station to the first 
selected service provider, the second authentication request message indicating authentication 
information for the second client station; 

receiving a second authentication response message from the second selected service 
provider, the second authentication response message indicating that second client station is 
authenticated by the second selected service provider, wherein the second authentication 
response includes a second service qualification that indicates at least one of (i) one or more 
types of services authorized for the second client station and (ii) one or more extents of service 
authorized for the second client station; and 

in response to the second authentication response message, restricting the second client 
station to communications in a second logical layer of the access network associated with the 
second selected service provider and according to the second service qualification. 

23. (Previously Presented) A communication system comprising: 

means for prompting a first client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the first client station, indicating a 
first selected service provider; 

means for sending a first authentication request message for the first client station to the 
first selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

means for receiving a first authentication response message from the first selected service 
provider, the first authentication response message indicating that first client station is 
authenticated by the first selected service provider, wherein the first authentication response 
includes a first service qualification that indicates at least one of (i) one or more types of services 



authorized for the first client station and (ii) one or more extents of service authorized for the 
first client station, wherein the first service qualification specifies one or more types of 
communication and, for each specified type of communication, specifies whether the first client 
station is allowed to engage in the specified type of communication; and 

means for responding to the first authentication response message by restricting the first 
client station to communications in a first logical layer of the access network associated with the 
first selected service provider and according to the first service qualification, 

wherein restricting the first client station to communications in the first logical layer of 
the access network associated with the first selected service provider comprises handling 
communications with the first client station according to a logic set established for the first 
logical layer, and 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network, and 

wherein restricting the first client station to communications according to the first service 
qualification comprises, for each type of communication specified in the first service 
qualification, allowing or disallowing the type of communication by the first client station as 
specified by the first service qualification. 

24. (Previously presented) The communication system of claim 23, further 

comprising: 

means for prompting a second client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the second client station, indicating 
a second selected service provider; 



means for sending a second authentication request message for the second client station 
to the first selected service provider, the second authentication request message indicating 
authentication information for the second client station; 

means for receiving a second authentication response message from the second selected 
service provider, the second authentication response message indicating that second client 
station is authenticated by the second selected service provider, wherein the second 
authentication response includes a second service qualification that indicates at least one of (i) 
one or more types of services authorized for the second client station and (ii) one or more extents 
of service authorized for the second client station; and 

means for responding to the second authentication response message by restricting the 
second client station to communications in a second logical layer of the access network 
associated with the second selected service provider and according to the second service 
qualification. 

25 . (Previously presented) The method of claim 1 3 , further comprising : 
before receiving the authentication response, assigning the subscriber station to operate 
in a default layer of the access network; and 

handling communications in the default layer according to a default logic set. 

26-27. (Cancelled) 

28. (Previously presented) The method of claim 13, wherein handling 

communications with the subscriber station according to the logic set established for the 
designated layer comprises: 



detecting a web page being sent to an address on the designated layer; and 
injecting into the web page information specific to the designated service provider. 

29. (Previously presented) The method of claim 28, wherein the information 
comprises an advertisement for the designated service provider. 

30. (Previously presented) The method of claim 13, wherein the subscriber 
station communicates via an air interface with the access network. 

31. (Previously presented) The method of claim 13, wherein disallowing at 
least the predetermined type of communication from passing from the subscriber station to 
outside of the access network comprises disallowing all communications from passing from the 
subscriber station to outside of the access network. 

32. (Previously presented) The method of claim 21, wherein 
disallowing at least the predetermined type of communication from passing from the first client 
station to outside of the access network comprises disallowing all communications from passing 
from the first client station to outside of the access network. 

33. (Previously presented) The method of claim 23, wherein 
disallowing at least the predetermined type of communication from passing from the first client 
station to outside of the access network comprises disallowing all communications from passing 
from the first client station to outside of the access network. 



